| NAME OF POLICY | Privacy Policy |
| VERSION | 5.2 |
| COMPLY WITH | National Vocational Education and Training Regulator (Outcome Standards for Registered Training Organisations) Instrument 2025 Standard 2.7 & 2.8National Vocational Education and Training Regulator (Compliance Standards for NVR Registered Training Organisations and Fit and Proper Person Requirements) Instrument 2025 Division 3 – Accountability – 20: Compliance with lawsPrivacy Act 1988 (Commonwealth) Privacy & Personal Information Protection Act 1998 (NSW)Australian Privacy PrinciplesStudent Identifiers Act 2014 |
| DATE CREATED | 25.06.2025 |
| DATE LAST REVISED | November 2020 |
| AUTHOR | Compliance Coordinator |
| AUTHORISED BY | RTO Manager |
| AUTHORISED DATE | 27.06.2025 |
| IMPLEMENTATION DATE | 30.06.2025 |
| REVIEW DATE | 30.06.2026 |
| METS TRAINING SERVICES | Referred throughout this document as METS |
Purpose
This policy outlines how METS collects, uses, stores and discloses personal information in accordance with the relevant Legislation. METS is committed to protecting the privacy of its learners, internal and external stakeholders ensuring the secure and transparent handling of all personal information.
Scope
This policy applies to all personal information collected, stored, used or disclosed by METS in relation to its operations as a Registered Training Organisation (RTO),k including information collected from learners, prospective learners, clients, employers, staff, contractors, service providers and third parties.
This policy covers all METS systems and processes used to manage personal information, including databases, learner management systems, communication systems, and physical or electronic learner files.
While this policy does not govern the use of external government databases (such as those operated by the USI Registry or NCVER), it does outline how METS meets its privacy obligations when collecting, handling, and disclosing information to these entities in accordance with the Legislation mentioned above.
Policy
METS is required to collect personal information from learners in order to process enrolments and obtain the required information in order to provide suitable and customised training and assessment services.
METS takes all reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure including restricted access to electronic files, secure storage of paper files and secure back up of data.
METS will not revel, disclose, sell, distribute, rent, license, share or pass on personal information to a third party, other than those that we have a binding agreement with, for training purposes only, ensuring that the third party affords the personal information similar levels of protection as METS does.
In order to provide learners with training and assessment services, METS are required to disclose personal information for the purposes of AVETMISS reporting and claiming public funds for the delivery of training and assessment services under contracts such as Smart and Skilled.
METS will only disclose personal information to a third party where one or more of the following apply:
- Stake holders have given consent either verbally or written.
- It is authorised or required by law, or necessary for enforcement of law.
- It will protect the rights, property or personal safety of another person.
- The assets and operations of METS’ business are transferred.
Learners can access their personal information by requesting so in writing, except when government legislation requires or authorises the refusal of access.
Procedure
What Personal Information We Collect
We collect personal information such as:
- Full name, date of birth, gender, and contact details
- USI (Unique Student Identifier)
- Emergency contact details
- Citizenship and residency status
- Education and employment history
- Information required for eligibility assessment (e.g., LLND results, concession details, funding eligibility)
- Records of training and assessment
- Feedback and complaints
- Information provided through surveys or consultation activities
In some cases, we may also collect sensitive information, such as:
- Health or disability details (for support or reasonable adjustment)
- Indigenous status
- Language, literacy, and numeracy needs
How We Collect Personal Information
Personal information is collected through:
- Enrolment and application forms (online and hard copy)
- Direct contact via email, phone, or in person
- Website and learning management system (LMS) use
- Third-party arrangements (e.g., employers, schools, or subcontractors)
- Government databases or authorities (e.g., USI Registry, NCVER)
Where possible, we collect personal information directly from the individual concerned.
Why We Collect and Use Personal Information
We collect personal information to:
- Deliver nationally recognised training and assessment
- Verify student identity (e.g., USI)
- Report data to the National Centre for Vocational Education Research (NCVER)
- Meet government funding and regulatory requirements
- Provide support services
- Maintain accurate and complete records
- Respond to inquiries, complaints, or appeals
- Communicate with learners, employers, and stakeholders
Disclosure of Personal Information
We may disclose personal information to:
- Government departments (e.g., Department of Employment and Workplace Relations, NCVER, ASQA)
- USI Registry System
- Relevant state training authorities
- Employers, schools, or third parties (with the individual’s consent or where permitted by law)
- IT service providers or contractors (bound by privacy obligations)
We will not sell or share personal information for marketing purposes.
Data Security and Storage
METS takes reasonable steps to ensure personal information is:
- Accurate, complete, and up to date
- Protected from misuse, loss, unauthorised access, or disclosure
- Stored securely using physical and digital safeguards
- Retained only as long as required by law or for legitimate business purposes
When no longer required, records are securely destroyed or de-identified in accordance with our Records Management Policy.
Access and Correction
Under the Privacy Act 1988, individuals have the right to:
- Request access to the personal information we hold about them
- Request corrections to ensure accuracy and completeness
Requests should be directed to the RTO Manager via the contact details below. We aim to respond within ten (10) business days.
Complaints
If you believe your privacy has been breached, you may lodge a complaint by contacting us in writing. Complaints will be handled promptly and in accordance with our METS033 Complaints and Appeals Management System.
If you are not satisfied with the outcome, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
Definitions
| Term | Definition |
| Personal Information | Information or an opinion about an identified individual, or an individual who is reasonably identifiable. |
| Sensitive Information | A subset of personal information that includes information about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal record. |
| APPs (Australian Privacy Principles) | Principles contained in Schedule 1 of the Privacy Act 1988 that govern the standards, rights, and obligations around handling personal information. |
| USI (Unique Student Identifier) | A reference number assigned to individuals undertaking nationally recognised training in Australia to track their training records and results. |
| AVETMISS | The Australian Vocational Education and Training Management Information Statistical Standard used to collect and report student enrolment and outcome data. |
| Disclosure | The release of personal information to a third party external to the organisation. |
| Access | The right of individuals to view the personal information that an organisation holds about them. |
| Correction | The process of amending personal information to ensure it is accurate, up-to-date, and complete. |
| Third Party | An individual or organisation outside of METS that may provide services or receive disclosed information under a binding agreement. |
| NCVER | The National Centre for Vocational Education Research, responsible for collecting and managing VET data. |
| OAIC | Office of the Australian Information Commissioner, the national independent regulator for privacy and information access. |
Roles and Responsibilities
| Term | Definition |
| RTO Manager | Overall accountability for privacy compliance across the organisation. Approves the Privacy Policy and ensures it is reviewed regularly. Ensures appropriate privacy training is provided to relevant stakeholders. |
| Compliance Coordinator | Maintains and reviews the Privacy Policy and Procedure.Ensures compliance with relevant legislation and standards.Monitors privacy breaches and leads investigations as required.Provides guidance and training to relevant stakeholders on privacy obligations. |
| Trainers and Assessors | Collect, use, and store learner information in accordance with this policy.Ensure privacy is maintained when handling learner files, assessment records, and communications.Report any suspected breaches of privacy to the Compliance Coordinator. |
| Administrative Staff | Handle enrolment, USI, and identification information with confidentiality.Maintain secure physical and digital records.Ensure that access to personal information is restricted to authorised personnel only. |
| IT Support / System Administrators | Implement and maintain system security to protect personal data.Ensure data backups, user access controls, and encryption practices are in place.Respond to data security incidents as required. |
| Learners and Stakeholders | Provide accurate personal information as required.Read and understand how their information will be used.Raise concerns or request corrections to their data via the appropriate process. |
- Documentation
| Number | Title | Status | Location |
| METS033 | Complaints and Appeals Form | Current | Quality Library |
| METS033 | Complaints and Appeals Procedure | Current | Quality Library |
| METS033 | Complaints and Appeals Register | Current | Quality Library |
| METS137 | Continuous Improvement Register – All Departments | Current | Quality Library |
| METS137 | Continuous Improvement Policy & Procedure | Current | Quality Library |
| METS137 | Corrective Action Request Form | Current | Quality Library |
METS operates under a range of Legislation that governs training and assessment practices, as well as general business operations. This Legislation outlines METS’ responsibilities as a Registered Training Organisation (RTO), our obligations to learners, and our compliance with industry standards in which we deliver training.
Key Legislation relevant to METS and the participation of learners in vocational Education and Training (VET) includes, but is not limited to:
| Published: 30/06/2025 | Review Date: 30/06/2027 | Owner Compliance Coordinator | CONTROLLED DOCUMENT – May not be current version when printed | ||
| Doc Name: METS007 Privacy Policy & Procedure V5.2 | METS Training Services RTO Code: 91018 | Page  of 1/1 | |||
METS is a subsidiary of Scope (Aust) Ltd and follows Scope’s policies and procedures. This includes the Scope Privacy Policy, which applies to all METS activities.